Source code for tcms.utils.github

# Copyright (c) 2019-2024 Alexander Todorov <>

import hashlib
import hmac

from django.http import HttpResponseForbidden

[docs] def calculate_signature(secret, contents): """ Calculate GitHub signature header. WARNING: both parameters must be bytes, not string! """ return "sha1=" +, msg=contents, digestmod=hashlib.sha1).hexdigest()
[docs] def verify_signature(request, secret): """ Verifies request comes from GitHub, see: """ signature = request.headers.get("X-Hub-Signature", None) if not signature: return HttpResponseForbidden() expected = calculate_signature(secret, request.body) # due to security reasons do not use '==' operator # if not hmac.compare_digest(signature, expected): return HttpResponseForbidden() return True # b/c of inconsistent-return-statements
[docs] def repo_id(url): """ Return an owner/repository combo given a URL """ result = url.strip().strip("/").lower() result = ( result.replace("https://", "").replace("http://", "").replace("", "") ) return result